AUTOSAR CountdownAdvent Calendar 2022

SPIN(simple promela interpreter)入門

Last updated at 2024-05-16Posted at 2018-03-18

SPIN(simple promela interpreter)は、Promela(process meta language)システムです。

４日で学ぶモデル検査　初級編
https://www.amazon.co.jp/dp/4860431197/

モデル検査初級編―基礎から実践まで4日で学べる (CVS教程)
https://www.amazon.co.jp/dp/4764955059/

NuSMVとSPINで記述している。

導入

brew install spin
Updating Homebrew...
==> Auto-updated Homebrew!

** snip **

==> Downloading https://homebrew.bintray.com/bottles/spin-6.4.8.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring spin-6.4.8.high_sierra.bottle.tar.gz
🍺  /usr/local/Cellar/spin/6.4.8: 5 files, 1MB

$ brew install xspin
Updating Homebrew...
==> Auto-updated Homebrew!

** snip **

==> Downloading https://homebrew.bintray.com/bottles/xspin-5.2.5.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring xspin-5.2.5.high_sierra.bottle.tar.gz
🍺  /usr/local/Cellar/xspin/5.2.5: 3 files, 192.2KB

SPINインストール手順
https://qiita.com/kannkyo/items/f2cc2c763f38bcbb4392

例 p18

systemalpha.pml

// systemalpha.pml
mtype ={on, off}
int a, b;
type sw;
int Na, Nb;
mtype New;

active prototype alpha(){
    a = 0;
    b = 0;
    sw = off;

    do
    ::true ->
      if
      ::(b==1) -> Na = a
      ::else ->
        if 
        ::(a==0) -> Na = 1
        ::(a==1) -> Na = 2
        ::(a==2) -> Na = 0
        fi
      fi;
      if 
      ::(a==b) -> Nb = b
      ::else ->
        if
        ::(b==0) -> Nb = 1
        ::(b==1) -> Nb = 2
        ::(b==2) -> Nb = 0
        fi
      fi;
      if
      ::(a==2&&b==2) -> Nsw = on
      ::(a==1&&b==1) -> Nsw = off
      ::else -> Nsw = sw
      fi;
      atomic {
      a = Na;
      b = Nb;
      sw = Nsw
      }
    od
}

$ spin systemalpha.pml 
spin: systemalpha.pml:4, Error: syntax error	saw 'an identifier' near 'type'
spin: systemalpha.pml:8, Error: syntax error	saw 'an identifier' near 'prototype'
0 processes created

[](p -> <>q)

$ spin -f "[](p -> <>q)" systemalpha.pml
spin: systemalpha.pml.nvr:5, Error: undeclared variable: p	saw '')' = 41'

$ xspin &

Run syntax check

Xspin Version 5.2.5 -- 17 April 2010
TclTk Version 8.5/8.5

spin -a -v pan_in
no syntax errors

"run LTL property parameter"

	/*
	 * Formula As Typed: 
	 * The Never Claim Below Corresponds
	 * To The Negated Formula !()
	 * (formalizing violations of the original)
	 */

never  {    /* !() */
accept_init:
T0_init:
	do
	:: atomic { (! (())) -> assert(!(! (()))) }
	od;
accept_all:
	skip
}

"Run"

<starting verification>
spin -a -X -N pan.ltl  pan_in
spin: pan.ltl:1, Error: syntax error	saw ''[' = 91'
spin: pan.ltl:13, Error: syntax error	saw '')' = 41'
spin: pan.ltl:13, Error: syntax error	saw '')' = 41'
spin: pan_in.nvr:2, Error: aborting (ana_stmnt)
spin: 1 error(s) - aborting
child process exited abnormally

$ spin --h
use: spin [-option] ... [-option] file
	Note: file must always be the last argument
	-A apply slicing algorithm
	-a generate a verifier in pan.c
	-B no final state details in simulations
	-b don't execute printfs in simulation
	-C print channel access info (combine with -g etc.)
	-c columnated -s -r simulation output
	-d produce symbol-table information
	-Dyyy pass -Dyyy to the preprocessor
	-Eyyy pass yyy to the preprocessor
	-e compute synchronous product of multiple never claims (modified by -L)
	-f "..formula.."  translate LTL into never claim
	-F file  like -f, but with the LTL formula stored in a 1-line file
	-g print all global variables
	-h at end of run, print value of seed for random nr generator used
	-i interactive (random simulation)
	-I show result of inlining and preprocessing
	-J reverse eval order of nested unlesses
	-jN skip the first N steps in simulation trail
	-k fname use the trailfile stored in file fname, see also -t
	-L when using -e, use strict language intersection
	-l print all local variables
	-M generate msc-flow in tcl/tk format
	-m lose msgs sent to full queues
	-N fname use never claim stored in file fname
	-nN seed for random nr generator
	-O use old scope rules (pre 5.3.0)
	-o1 turn off dataflow-optimizations in verifier
	-o2 don't hide write-only variables in verifier
	-o3 turn off statement merging in verifier
	-o4 turn on rendezvous optiomizations in verifier
	-o5 turn on case caching (reduces size of pan.m, but affects reachability reports)
	-o6 revert to the old rules for interpreting priority tags (pre version 6.2)
	-o7 revert to the old rules for semi-colon usage (pre version 6.3)
	-Pxxx use xxx for preprocessing
	-p print all statements
	-pp pretty-print (reformat) stdin, write stdout
	-qN suppress io for queue N in printouts
	-r print receive events
	-replay  replay an error trail-file found earlier
		if the model contains embedded c-code, the ./pan executable is used
		otherwise spin itself is used to replay the trailfile
		note that pan recognizes different runtime options than spin itself
	-run  (or -search) generate a verifier, and compile and run it
	      options before -search are interpreted by spin to parse the input
	      options following a -search are used to compile and run the verifier pan
		    valid options that can follow a -search argument include:
		    -bfs	perform a breadth-first search
		    -bfspar	perform a parallel breadth-first search
		    -dfspar	perform a parallel depth-first search, same as -DNCORE=4
		    -bcs	use the bounded-context-switching algorithm
		    -bitstate	or -bit, use bitstate storage
		    -biterateN,M use bitstate with iterative search refinement (-w18..-w35)
				perform N randomized runs and increment -w every M runs
				default value for N is 10, default for M is 1
				(use N,N to keep -w fixed for all runs)
				(add -w to see which commands will be executed)
				(add -W if ./pan exists and need not be recompiled)
		    -swarmN,M like -biterate, but running all iterations in parallel
		    -link file.c  link executable pan to file.c
		    -collapse	use collapse state compression
		    -noreduce	do not use partial order reduction
		    -hc  	use hash-compact storage
		    -noclaim	ignore all ltl and never claims
		    -p_permute	use process scheduling order random permutation
		    -p_rotateN	use process scheduling order rotation by N
		    -p_reverse	use process scheduling order reversal
		    -rhash      randomly pick one of the -p_... options
		    -ltl p	verify the ltl property named p
		    -safety	compile for safety properties only
		    -i	    	use the dfs iterative shortening algorithm
		    -a	    	search for acceptance cycles
		    -l	    	search for non-progress cycles
		similarly, a -D... parameter can be specified to modify the compilation
		and any valid runtime pan argument can be specified for the verification
	-S1 and -S2 separate pan source for claim and model
	-s print send events
	-T do not indent printf output
	-t[N] follow [Nth] simulation trail, see also -k
	-Uyyy pass -Uyyy to the preprocessor
	-uN stop a simulation run after N steps
	-v verbose, more warnings
	-w very verbose (when combined with -l or -g)
	-[XYZ] reserved for use by xspin interface
	-V print version number and exit

参考文献

SPINインストール手順
https://qiita.com/kannkyo/items/f2cc2c763f38bcbb4392

モデル検査SPINと統合環境jSpinとispinの導入
https://qiita.com/nt_tn/items/60752a314392140e621a

仮想環境でSpinモデル検査
https://qiita.com/tokikaze0604/items/2a167ff54e2b9576b233

Is Parallel Programming Hard, And, If So, What Can You Do About It?
https://qiita.com/yohhoy/items/bf6cd447fe4964f95d3e

プログラミング言語教育のXYZ
https://qiita.com/kaizen_nagoya/items/1950c5810fb5c0b07be4

SWESTまとめ
https://qiita.com/kaizen_nagoya/items/62e56ae151554d6200c0

文書履歴

ver 0.10 初稿 20180318
ver 0.11 参考文献・文書履歴追記 20180411
ver. 0.12 ありがとう追記　20230508

最後までおよみいただきありがとうございました。

いいね　💚、フォローをお願いします。

Thank you very much for reading to the last sentence.

Please press the like icon 💚　and follow me for your happy life.

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up